Position Title: Technology Risk & Governance Consultant
Location: Toronto, ON
Duration: 12 months
Story Behind the Need
Business group: Internal Controls and Regulatory Management
Project: IT Risk Management team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for client and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, and Audit and Regulatory issue remediation.
Reason: new requirement
Candidate Value Proposition: There are many exciting opportunities to grow in the areas of technology governance, risk management of technology and cyber security risks, and work with many cross-functional teams within the Bank. Be a part of dynamic team with focus on process improvements and automations.
Typical Day in Role:
The main responsibility includes but not limited to:
Review and revise as needed the IT and cyber security risk assessment processes, results, and artifacts to reduce overlaps and gaps and to produce results that are reusable, complete, accurate, current, can be aggregated, and are consistently actioned.
Document a consolidated view of, and consistent aspects of the approach (e.g., taxonomy) to, the IT and cyber risk assessment program is required to enable consistency, completeness, and accurate information in support of governance, oversight, and reporting. Initial tasks that will need to be completed include, but are not limited to:
- Create a risk assessment universe, for IT and cyber specific assessments and to clarify the role of each assessment and certain aspects of organizational assessments (e.g., using an IT process taxonomy and a risk taxonomy)
- Develop a clear standard to align and aggregate results, and to assess and treat IT and cyber security gaps from risk assessments
- Deploy the risk assessment universe, and capabilities to support the expectations of the standard, in an appropriately robust tool including workflows and consistent documentation.
Candidate Requirements/Must Have Skills:
- Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 10+ years.
- Requires strong working knowledge in IT Risk management experience in 5+ areas including but not limited to; systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.
- Knowledge of banking businesses including related systems, procedures, regulations expected. Additional merit awarded for experience in relevant portfolio business line.
- Strong PPT presentation design and delivery expected as part of the leadership team. Data Analytics and Visual dashboarding would be desirable.
- Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST).
Nice-To-Have Skills:
- Big 4 consulting experience will be an asset.
- Additional relevant Certifications would be an asset – ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.
- Experience with technology and cyber security risk assessments, including Threat Risk Assessments, self-risk control assessments, vulnerability assessments, etc.
Soft skills:
- Possessing a diverse set of skills and knowledge across various fields, enabling adaptability and a broad perspective in problem-solving.
- The ability to reason systematically and evaluate information objectively to make sound decisions and solve complex problems.
- Examining and interpreting data to extract meaningful insights, identify trends, and support decision-making processes.
- Effectively engaging and communicating with all parties involved in a project to ensure their needs and expectations are met.
- The ability to convey information clearly and effectively, both verbally and in writing, to various audiences.
- of managing tasks and responsibilities autonomously, requiring little oversight to achieve goals.
- Driven by personal initiative and a strong internal desire to achieve and excel without needing external encouragement.
- The ability to plan, prioritize, and manage time and resources efficiently to achieve objectives.
Education:
- Bachelor’s degree in computer science, Engineering, Business Commerce, or equivalent experience.
Best VS. Average Candidate:
Well rounded candidate with soft skills and must have skills.
Candidate Review & Selection
1st round – Director & Team member –in-person preferred / MS teams – 45mins.
2nd round – With stakeholders of the role – MS teams – 30mins
The team will be assessing both soft and technical skills.
The pay range that the employer reasonably expects to pay for this position is between and
Our voluntary benefits offering includes medical, dental, vision and retirement benefits.
Applications will be accepted on an ongoing basis.
Tundra Technical Solutions would like to thank you for the interest you have demonstrated in this opportunity. However, only candidates with the required skills will be contacted.
Tundra Technical Solutions is an Equal Opportunity/Affirmative Action Employer. We welcome and encourage diversity in our workplace.
Not interested in this position, but know somebody who might be? Check out our Referral Reward Program, referrals are a big secret behind our success. As always, we’re on the lookout for great people. And we know that you know great people!
Tundra Technical Solutions is among North America’s leading providers of Information Technology and Engineering staffing and consulting services. Our success and our clients’ success are built on a foundation of service excellence. Rather than continually trying to sell to new clients and companies and simply filling databases with candidates, we focus on developing stronger relationships and deeper knowledge of our existing clients’ challenges and opportunities.
Open ears. Open minds. Open futures